Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2017-03-04 CVE-2017-6470 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-03-04 CVE-2017-6469 Improper Input Validation vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2017-03-04 CVE-2017-6468 Improper Input Validation vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2017-03-04 CVE-2017-6467 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-03-03 CVE-2017-5356 Out-of-bounds Read vulnerability in multiple products
Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).
network
low complexity
irssi debian CWE-125
7.5
7.5
2017-03-03 CVE-2017-5194 Use After Free vulnerability in multiple products
Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.
network
low complexity
irssi debian CWE-416
7.5
7.5
2017-03-03 CVE-2017-5193 NULL Pointer Dereference vulnerability in multiple products
The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.
network
low complexity
irssi debian CWE-476
7.5
7.5
2017-03-01 CVE-2016-9830 Improper Input Validation vulnerability in multiple products
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
local
low complexity
graphicsmagick debian opensuse CWE-20
5.5
5.5
2017-03-01 CVE-2017-5976 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
local
low complexity
zziplib-project debian CWE-787
5.5
5.5
2017-03-01 CVE-2017-5975 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
local
low complexity
zziplib-project debian CWE-787
5.5
5.5